Hey, there is certainly a built-in way to handle that. How about the Auditing capability which is available in the folder / file properties (Properties -> Security -> Advanced -> Auditing tab)? These audit events get registered in the Security Event log. You just need to enable it for certain folders like Desktop, My Documents, etc. (folders you care about) as it would be highly ineffective to audit the entire drive for obvious reasons. It won't help the OP but at least could be useful for future reference.